
Security and Privacy Services Cloud computing point of view October 2012.


Slide 1: Security and Privacy Services. Cloud computing point of view, October 2012

Slide 2: Cloud Opportunities
Copyright © 2012 Deloitte Development LLC. All rights reserved.

Beyond apparent security and risk challenges, Cloud computing will lead to:
- Leverage Cloud solutions to realize better efficiency within the security management program
- Opportunity to implement stronger security than legacy on-premise security models
- Disposable environments: turn them off when not in use to keep security efficiency high
- Reduce vulnerabilities by ‘rightsizing’ resources in use through dynamic provisioning capability

[Diagram: "Cloud Security Strategy" wheel with segments Regulatory; Identity and Access Mgmt; ERP; Cyber Threat; Resiliency and Availability; Privacy; Security Operations; App Development. Section label: New Security Opportunities]

Slide 3: Regulations. Using integrated frameworks to help comply with regulatory requirements

[Diagram: "Cloud Security Strategy" wheel, Regulatory segment highlighted]

WHAT YOU NEED TO KNOW:
- Some regulations have not been updated: Since cloud computing is relatively new, many regulatory agencies have not updated their requirements for the cloud. As regulations change, companies may not know each of the requirements needed to comply before they use cloud computing. Often, the regulatory and security requirements come after the fact.
- There are strategies for managing multiple requirements: Companies are at different levels of maturity, requiring strategies for prioritization and remediation.
- Standards and leading practices are too new: Cloud computing does not yet have an established “standard”, and many leading practices are still evolving.

CHALLENGES:
- Companies are concerned with various unknowns, including the rapid development of many new products, technologies, and services available for the cloud.
- Depending on the cloud computing solution, using certain cloud service providers may actually increase or change the regulatory requirements that a company traditionally needs to comply with.

SOLUTION (what to include in your regulatory strategy):
- Identifying the current and upcoming regulatory requirements should be part of the design and selection of the cloud solution.
- Use an integrated framework that rationalizes the various regulatory requirements as the assessment and tracking mechanism for those requirements.
- Create strategies for managing and prioritizing remediation efforts.
- Use a risk-based approach for managing risk.

Next steps:
- Perform a regulatory analysis of your cloud computing adoptions to understand which requirements apply.
- Establish an integrated framework for the current and even upcoming requirements.
- Consider a GRC (Governance, Risk and Compliance) strategy that allows an “Assess Once, Test Once, Satisfy Many” model.

Slide 4: Application Security. How to enable secure application development

[Diagram: "Cloud Security Strategy" wheel, App Development segment highlighted]

WHAT YOU NEED TO KNOW:
- Operational Software Development Life Cycle: SaaS applications should follow a specific Software Development Lifecycle (SDLC) model and operational release management process (e.g., security-focused user acceptance testing).
- Secure Configuration and Vulnerability Testing: SaaS applications need to be configured in accordance with a published common configuration management guide, and should use common security benchmarks (e.g., OWASP Top 10, CIS Configuration Benchmarks, and NIST SCAP).
- Migrating Legacy Applications: Many companies are recognizing the value of migrating legacy applications to a PaaS model to reduce cost and avoid expensive hardware costs for the upkeep of less active applications.

CHALLENGES:
- Cloud application hosting can involve several outsourced services (e.g., PaaS and IaaS), which can create difficulties for aligning security practices, response and patch, and vulnerability management capabilities throughout the service offering.
- The operational SDLC for SaaS services may not be mature. The CSP’s SDLC process may not include operational testing, throughput, and data transfer/failover capabilities via PaaS/IaaS.
- Application release cycles and patch and vulnerability management can be difficult, depending on CSP capabilities, terms, and service operations. The cycle of version changes may not always be known and sometimes can change without warning.

SOLUTION (what to include in your App Development strategy):
- Create and define application security requirements and regulatory expectations for moving to the cloud.
- Define the SDLC approach and expectations for use of an operational software application hosted by a CSP.
- Update and document patch and vulnerability management expectations for hosted applications, including support services.
- Create a data and application access strategy that aligns with existing data access security policies.

Next steps:
- Create an application deployment roadmap for moving to a CSP based on risk exposure, risk reduction, and deployment capability.
- Develop security evaluation criteria for application environments, including evaluations of the supporting PaaS and IaaS.
- Outline service-level expectations within the SLA along with an ISA that outlines security expectations (e.g., uptime, upgrades, and response capabilities).

